CVE-2022-41304: 
Autodesk FBX SDK vulnerability analysis and mitigation

An Out-Of-Bounds Write vulnerability (CVE-2022-41304) was discovered in Autodesk FBX SDK version 2020 and prior versions. The vulnerability was disclosed on September 14, 2022, affecting applications and services utilizing the Autodesk FBX SDK software. This security flaw could potentially lead to code execution or information disclosure when processing maliciously crafted FBX files (Autodesk Advisory).

The vulnerability has been assigned a CVSS v3 base score of 7.8, with the vector string (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). This high-severity vulnerability requires local access and user interaction but needs no privileges to exploit. The technical assessment indicates that successful exploitation could result in high impacts to confidentiality, integrity, and availability of the affected system (CISA Advisory).

If successfully exploited, this vulnerability could lead to code execution through maliciously crafted FBX files or result in information disclosure. The high CVSS score indicates potential severe impacts on system security, including unauthorized code execution and compromise of system data (Autodesk Advisory).

Autodesk has released version 2020.3.2 to address this vulnerability. The vendor strongly recommends that customers using affected products apply the available hotfix through the Autodesk Desktop App. For third-party developers using FBXSDK in their applications or services, it is recommended to obtain and apply the latest version of the FBXSDK (Autodesk Advisory).